mcp-for-sql-server
by edgarlopezcalomarde
Overview
This server provides tools for an AI agent to interact with and manage a SQL Server database, enabling schema querying, table creation, data insertion, and execution of raw SQL queries.
Installation
npx mcp-for-sql-server
Environment Variables
- DB_USER
- DB_PASSWORD
- DB_HOST
- DB_NAME
- DB_PORT
Security Notes
The `compose.yml` uses a hardcoded default SA password ('PassSegura777') for the SQL Server database, which is insecure for production environments. More critically, the `create-table` and `insert-data` tools are vulnerable to SQL injection: they construct SQL queries by directly interpolating user-provided `tableName` and column names (e.g., `campos.nombre`) into the SQL string via `prisma.$queryRawUnsafe` without proper sanitization or escaping. This allows an attacker to execute arbitrary SQL commands by manipulating these input parameters. The `execute-raw-queries` tool explicitly allows raw queries, making its security dependent on the trustworthiness of its caller.
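The identifier-interpolation pattern described above, next to a hardened form, as an added example that is not the project's own code. The function names, the input shape, the table allowlist and the `@P1`-style placeholders are assumptions made for illustration.

```javascript
// Added example: building an INSERT for an insert-data style tool.
// All names here are hypothetical; none are taken from the project.

// Pattern the notes describe: table and column names go straight into the SQL text.
function buildInsertUnsafe(tableName, row) {
  const cols = Object.keys(row);
  const placeholders = cols.map((_, i) => `@P${i + 1}`);
  return `INSERT INTO ${tableName} (${cols.join(", ")}) VALUES (${placeholders.join(", ")})`;
}

// Strict subset of SQL Server regular identifiers: letter or underscore first, max 128 chars.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]{0,127}$/;

function quoteIdent(name) {
  if (typeof name !== "string" || !IDENT.test(name)) {
    throw new Error(`rejected identifier: ${JSON.stringify(name)}`);
  }
  // Bracket-quote; doubling "]" is defense in depth because IDENT already forbids it.
  return `[${name.replace(/]/g, "]]")}]`;
}

// Hardened: table checked against an allowlist, identifiers validated and quoted,
// values returned separately so the caller can bind them as query parameters.
function buildInsertSafe(tableName, row, allowedTables) {
  if (!allowedTables.includes(tableName)) {
    throw new Error(`table not in allowlist: ${JSON.stringify(tableName)}`);
  }
  const cols = Object.keys(row);
  if (cols.length === 0) throw new Error("no columns supplied");
  const placeholders = cols.map((_, i) => `@P${i + 1}`);
  return {
    sql: `INSERT INTO ${quoteIdent(tableName)} (${cols.map(quoteIdent).join(", ")}) VALUES (${placeholders.join(", ")})`,
    params: cols.map((c) => row[c]),
  };
}

// Constructed sample input: a table name that carries a second statement.
const hostileTable = "logs (msg) VALUES ('x'); SELECT 1 --";
console.log(buildInsertUnsafe(hostileTable, { msg: "hi" })); // second statement survives
console.log(buildInsertSafe("logs", { msg: "hi" }, ["logs"]));
try {
  buildInsertSafe(hostileTable, { msg: "hi" }, ["logs"]);
} catch (e) {
  console.log(e.message); // rejected before any SQL is built
}
```

The same validation applies to `create-table`, where column type names should additionally be chosen from a fixed list instead of being passed through.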
Similar Servers
mssqlMCP
The SQL Server MCP (Model Context Protocol) Server enables AI assistants like GitHub Copilot within Visual Studio Code to interact with SQL Server databases, allowing for SQL query execution, detailed database metadata retrieval, and management of connections and security.
jewei-mssql-mcp-server
Provides a Micro-Agent Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.
DatabaseMcpServer
Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.
MsSqlMCP
Provides an MCP Server for SQL Server database schema inspection and safe, read-only query execution to AI clients.